Lucene search
K

7 matches found

Vulnrichment
Vulnrichment
added 2026/03/19 10:53 p.m.3 views

CVE-2026-32755 Admidio is Missing CSRF Protection on Role Membership Date Changes

Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...

5.7CVSS5.8AI score0.00149EPSS
Exploits1References2
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/16 12:0 a.m.5 views

Admidio is Missing CSRF Protection on Role Membership Date Changes

The savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and removeformermembership against the CSRF token but omits savemembership from that check...

5.7CVSS5.8AI score0.00149EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2021/09/27 12:15 p.m.11 views

CVE-2021-40098

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression...

9.8CVSS0.01574EPSS
Exploits0References2
OSV
OSV
added 2021/09/27 12:15 p.m.5 views

CVE-2021-40098

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression...

9.8CVSS6.9AI score
Exploits0References2
Prion
Prion
added 2021/09/27 12:15 p.m.18 views

Path traversal

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression...

7.5CVSS9.2AI score0.01574EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/09/27 11:8 a.m.16 views

CVE-2021-40098

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression...

9.6AI score0.01574EPSS
Exploits0References2
CVE
CVE
added 2021/09/27 11:8 a.m.46 views

CVE-2021-40098

Concrete CMS up to 8.5.5 contains a path traversal vulnerability that can lead to remote code execution via an external form by adding a regular expression. Multiple connected sources describe the issue as a path traversal enabling RCE, affecting Concrete CMS versions 8.5.5 and earlier. The root ...

9.8CVSS9.3AI score0.01574EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder